Results

**11 - 14**of**14**### Lattice-based Algorithms for Number Partitioning in the Hard Phase

"... The number partitioning problem (NPP) is to divide n numbers a1,..., an into two disjoint subsets such that the difference between the two subset sums – the discrepancy, ∆, is minimized. In the balanced version of NPP (BalNPP), the subsets must have the same cardinality. With ajs chosen uniformly fr ..."

Abstract
- Add to MetaCart

(Show Context)
The number partitioning problem (NPP) is to divide n numbers a1,..., an into two disjoint subsets such that the difference between the two subset sums – the discrepancy, ∆, is minimized. In the balanced version of NPP (BalNPP), the subsets must have the same cardinality. With ajs chosen uniformly from [1, R], R> 2n gives the hard phase, when there are no equal partitions (i.e., ∆ = 0) with high probability (whp). In this phase, the minimum partition is also unique whp. Most current methods struggle in the hard phase, as they often perform exhaustive enumeration of all partitions to find the optimum. We propose reductions of NPP and BalNPP in the hard phase to the closest vector problem (CVP). We can solve the original problems by making polynomial numbers of calls to a CVP oracle. In practice, we implement a heuristic which applies basis reduction (BR) to several CVP instances (less than 2n in most cases). This method finds near-optimal solutions without proof of optimality to NPP problems with reasonably large dimensions – up to n = 75. second, we propose a truncated NPP algorithm, which finds approximate minimum discrepancies for instances on which the BR approach is not effective. In place of the original instance, we solve a modified instance with āj = ⌊aj/T ⌉ for some T ≤ R. We show that the expected optimal discrepancy of the original problem given by the truncated solution, E (∆ ∗ T), is not much different from the expected optimal discrepancy: E (∆ ∗ T) ≤ E (∆∗) + nT/2. This algorithm can be used to find good quality partitions within a short time for problems of sizes up to n = 100. Third, we propose a direct mixed integer programming (MIP) model for NPP and BalNPP. We then solve a lattice-based reformulation of the original MIP using standard branch-and-cut methods. Assuming it terminates, the MIP model is guaranteed to find the optimum partition. 1

### Decoding Random Binary . . . 1 + 1 = 0 Improves Information Set Decoding

"... Decoding random linear codes is a well studied problem with many applications in complexity theory and cryptography. The security of almost all coding and LPN/LWE-based schemes relies on the assumption that it is hard to decode random linear codes. Recently, there has been progress in improving th ..."

Abstract
- Add to MetaCart

Decoding random linear codes is a well studied problem with many applications in complexity theory and cryptography. The security of almost all coding and LPN/LWE-based schemes relies on the assumption that it is hard to decode random linear codes. Recently, there has been progress in improving the running time of the best decoding algorithms for binary random codes. The ball collision technique of Bernstein, Lange and Peters lowered the complexity of Stern’s information set decoding algorithm to 2 0.0556n. Using representations this bound was improved to 2 0.0537n by May, Meurer and Thomae. We show how to further increase the number of representations and propose a new information set decoding algorithm with running time 2 0.0494n.

### SPACE–TIME TRADEOFFS FOR SUBSET SUM: AN IMPROVED WORST CASE ALGORITHM

"... Abstract. The technique of Schroeppel and Shamir (SICOMP, 1981) has long been the most efficient way to trade space against time for the Subset Sum problem. In the random-instance setting, however, improved tradeoffs exist. In particular, the recently discovered dissection method of Dinur et al. (CR ..."

Abstract
- Add to MetaCart

(Show Context)
Abstract. The technique of Schroeppel and Shamir (SICOMP, 1981) has long been the most efficient way to trade space against time for the Subset Sum problem. In the random-instance setting, however, improved tradeoffs exist. In particular, the recently discovered dissection method of Dinur et al. (CRYPTO 2012) yields a significantly improved space–time tradeoff curve for instances with strong randomness properties. Our main result is that these strong randomness assumptions can be removed, obtaining the same space– time tradeoffs in the worst case. We also show that for small space usage the dissection algorithm can be almost fully parallelized. Our strategy for dealing with arbitrary instances is to instead inject the randomness into the dissec-tion process itself by working over a carefully selected but random composite modulus, and to introduce explicit space–time controls into the algorithm by means of a “bailout mechanism”. 1.